diff --git a/keepercommander/commands/security_audit.py b/keepercommander/commands/security_audit.py
index f49513f2a..2aa1375b2 100644
--- a/keepercommander/commands/security_audit.py
+++ b/keepercommander/commands/security_audit.py
@@ -346,7 +346,7 @@ def decrypt_security_data(sec_data, k):  # type: (bytes, RSAPrivateKey) -> Dict[
                 decrypted = None
                 if sec_data:
                     try:
-                        decrypted = crypto.decrypt_rsa(sec_data, k, pad_plaintext=True)
+                        decrypted = crypto.decrypt_rsa(sec_data, k, apply_padding=True)
                     except Exception as e:
                         error = f'Decrypt fail (incremental data): {e}'
                         self.get_error_report_builder().update_report_data(error)
diff --git a/keepercommander/crypto.py b/keepercommander/crypto.py
index 0bd22f68d..164e7799b 100644
--- a/keepercommander/crypto.py
+++ b/keepercommander/crypto.py
@@ -128,9 +128,9 @@ def encrypt_rsa(data, rsa_key):
     return rsa_key.encrypt(data, PKCS1v15())
 
 
-def decrypt_rsa(data, rsa_key, pad_plaintext=False):
-    size_diff = (rsa_key.key_size >> 3) - len(data)
-    if pad_plaintext and size_diff:
+def decrypt_rsa(data, rsa_key, apply_padding=False):
+    size_diff = (rsa_key.key_size + 7 >> 3) - len(data)
+    if apply_padding and size_diff > 0:
         pad_bytes = bytes(size_diff)
         pad_bytearray = bytearray([b for b in pad_bytes])
         data_bytearray = bytearray([b for b in data])